
"Human error"..............is that the new euphemism for "they will never find the body"????

Last edited by nihil; July 28th, 2010 at 09:26 PM.

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

Seriously though, I wonder how many vendors of badged Chinese kit actually let them load the firmware? The answer should be "zero", but I wonder?


How could a win32 program (normally written in a high-level language like C, VB or C#) that depends on other system libraries to do its job run on a low-level BIOS???

I am afraid I don't have any details but can make the following suggestions:

A number of devices in your computer have memory capabilities to store the firmware that runs them: motherboard, CD, DVD, video card, etc. These can usually be "flashed".

All you need to do is add your malware to the firmware and it will run as soon as the device is activated.

Like yourself, I doubt if the malware is written in a high level language such as you mention. It is most likely to be Assembly (ASM) language, microcode or whatever, that then "phones home" to get the full version of the malware and its payload.

I still have a few 5.25" 360Kb floppies with viruses in their boot sectors.

You can write some pretty nasty stuff in Assembler


In computer terms, supervisor mode is a hardware-mediated flag which can be changed by code running in system-level software. System-level tasks or threads will have this flag set while they are running, whereas user-space applications will not. This flag determines whether it would be possible to execute machine code operations such as modifying registers for various descriptor tables, or performing operations such as disabling interrupts.

Firmware generally runs at the Kernel or HAL. Drivers work in more remote rings (1 & 2) and applications beyond that (3). Obviously, some systems only have two rings, and are pretty monolithic.

If you infect the firmware you can make the problem travel outwards. The concept isn't really what runs where, it is more one of where do I hide my malware and get it to execute?

At the kernel level all you can really do is crash the system. You need to be in the user/applications layer to cause mayhem. That is where you have your higher level language malware.
